cookbook 'ssh-private-keys', '~> 2.0.2'
Deploy OpenSSH private keys
cookbook 'ssh-private-keys', '~> 2.0.2', :supermarket
knife supermarket install ssh-private-keys
knife supermarket download ssh-private-keys
ssh-private-keys-cookbook
Chef cookbook to deploy OpenSSH private keys on a system. Data is stored in an encrypted data bag or chef-vault whose name is specified in the attribute node['ssh-private-keys']['data_bag_name'] (by default ssh-private-keys). The data bag may have one of two layouts: simple and advanced. In the simple layout, the bag item name is the name of the user whose key you want to deploy. The advanced layout is more complex, and its item name should match the node.chef_environment value.
Simple data bag format
{ "id": "admin1", "keys": { "id_rsa": "" } }
Advanced data bag format
{
  "id": "development",
  "server1.acme.corp": { "admin1": { "id_rsa": "" } },
  "server2.acme.corp": { "admin2": { "id_ed25519": "" } }
}
Resources
ssh_private_key
Keys are deployed with the ssh_private_key resource. For example,
ssh_private_key 'admin1'
The server hostname is detected automatically and the matching record is retrieved from the encrypted data bag. All keys in that record (e.g. RSA, Ed25519) are placed under the user's SSH directory (/home/username/.ssh).
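The lookup described above, modelled for both layouts as an added example (not the cookbook's own code). The method names, the host parameter standing in for the detected hostname, and the checks on key names and empty key material are assumptions of this sketch; the sample items are constructed and show the decrypted form.

```ruby
# Added illustration, not the cookbook's code. Method names are hypothetical.
class KeyLookupError < StandardError; end

# Key names become file names under ~/.ssh, so allow plain names only.
SAFE_KEY_NAME = /\A[A-Za-z0-9_-][A-Za-z0-9_.-]*\z/

# The item to load: the user name (simple) or node.chef_environment (advanced).
def item_id_for(layout, user:, environment:)
  case layout
  when 'simple'   then user
  when 'advanced' then environment
  else raise KeyLookupError, "unknown layout #{layout.inspect}"
  end
end

# Returns { key_file_name => key_material } for one user on one host.
def resolve_keys(item, layout:, user:, host:, environment:)
  expected = item_id_for(layout, user: user, environment: environment)
  raise KeyLookupError, "item id is #{item['id'].inspect}, expected #{expected.inspect}" unless item['id'] == expected

  host_entry = item[host]
  keys = layout == 'simple' ? item['keys'] : (host_entry[user] if host_entry.is_a?(Hash))
  raise KeyLookupError, "no keys for #{user} on #{host}" unless keys.is_a?(Hash) && !keys.empty?

  keys.each do |name, material|
    raise KeyLookupError, "unsafe key name #{name.inspect}" unless name.match?(SAFE_KEY_NAME)
    raise KeyLookupError, "empty key material for #{name}" if material.to_s.strip.empty?
  end
  keys
end

# Destination paths, using the /home/username/.ssh location the README gives.
def target_paths(user, keys)
  keys.keys.map { |name| File.join('/home', user, '.ssh', name) }
end

# Constructed sample items (decrypted form); key material is a placeholder.
SIMPLE_ITEM = { 'id' => 'admin1', 'keys' => { 'id_rsa' => 'PLACEHOLDER-KEY' } }.freeze
ADVANCED_ITEM = {
  'id' => 'development',
  'server1.acme.corp' => { 'admin1' => { 'id_rsa' => 'PLACEHOLDER-KEY' } },
  'server2.acme.corp' => { 'admin2' => { 'id_ed25519' => 'PLACEHOLDER-KEY' } }
}.freeze

if __FILE__ == $PROGRAM_NAME
  keys = resolve_keys(ADVANCED_ITEM, layout: 'advanced', user: 'admin2',
                      host: 'server2.acme.corp', environment: 'development')
  puts target_paths('admin2', keys)
end
```

In the advanced layout a user only receives keys listed under the current host, so a record for admin1 on server1.acme.corp yields nothing on server2.acme.corp.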
Attributes
You can use attributes to specify the default behavior for the ssh_private_key resource.
- default['ssh-private-keys']['default_source'] - Specify 'databag' or 'chef-vault'
- default['ssh-private-keys']['data_bag_name'] - Bag name or vault name to load SSH keys from
- default['ssh-private-keys']['data_bag_layout'] - Specify data bag layout type. May be 'simple' or 'advanced'
Properties
You can override the default values specified in attributes by defining custom properties on a particular resource. The ssh_private_key resource has the following properties:
- source - Specify 'databag' or 'chef-vault'
- bag - Data bag name or vault name to load SSH keys from (default is 'ssh-private-keys')
- layout - Specify data bag layout type. May be 'simple' or 'advanced' (default)
Example resource usage
user "test"

ssh_private_key "test" do
  source 'chef-vault'
  layout 'simple'
end
Testing
Run script/bootstrap to install necessary Ruby Gems.
Run script/test to perform KitchenCI tests.
License
MIT @ Alexander Pyatkin
Dependent cookbooks
This cookbook has no specified dependencies.
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
Collaborator Number Metric
2.0.2 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
2.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Cookstyle Metric
2.0.2 failed this metric
Chef/Deprecations/ResourceWithoutUnifiedTrue: Set `unified_mode true` in Chef Infra Client 15.3+ custom resources to ensure they work correctly in Chef Infra Client 18 (April 2022) when Unified Mode becomes the default. (https://docs.chef.io/workstation/cookstyle/chef_deprecations_resourcewithoutunifiedtrue): ssh-private-keys/resources/ssh_private_key.rb: 1
Chef/Modernize/DatabagHelpers: Use the `data_bag_item` helper instead of `Chef::DataBagItem.load` or `Chef::EncryptedDataBagItem.load`. (https://docs.chef.io/workstation/cookstyle/chef_modernize_databaghelpers): ssh-private-keys/libraries/default.rb: 53
Chef/Modernize/DatabagHelpers: Use the `data_bag_item` helper instead of `Chef::DataBagItem.load` or `Chef::EncryptedDataBagItem.load`. (https://docs.chef.io/workstation/cookstyle/chef_modernize_databaghelpers): ssh-private-keys/libraries/default.rb: 62
Chef/Modernize/DatabagHelpers: Use the `data_bag_item` helper instead of `Chef::DataBagItem.load` or `Chef::EncryptedDataBagItem.load`. (https://docs.chef.io/workstation/cookstyle/chef_modernize_databaghelpers): ssh-private-keys/libraries/default.rb: 78
Chef/Modernize/RespondToInMetadata: It is no longer necessary to use respond_to? or defined? in metadata.rb in Chef Infra Client 12.15 and later (https://docs.chef.io/workstation/cookstyle/chef_modernize_respondtoinmetadata): ssh-private-keys/metadata.rb: 10
Chef/Modernize/RespondToInMetadata: It is no longer necessary to use respond_to? or defined? in metadata.rb in Chef Infra Client 12.15 and later (https://docs.chef.io/workstation/cookstyle/chef_modernize_respondtoinmetadata): ssh-private-keys/metadata.rb: 11
Chef/RedundantCode/LongDescriptionMetadata: The long_description metadata.rb method is not used and is unnecessary in cookbooks. (https://docs.chef.io/workstation/cookstyle/chef_redundantcode_longdescriptionmetadata): ssh-private-keys/metadata.rb: 6
Run with Cookstyle Version 7.32.1 with cops Chef/Deprecations,Chef/Correctness,Chef/Sharing,Chef/RedundantCode,Chef/Modernize,Chef/Security,InSpec/Deprecations
No Binaries Metric
2.0.2 passed this metric
Testing File Metric
2.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
2.0.2 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number